Stellar Lumens (XLM) - 3 Common Misconceptions about ICO Law

Recently, many blockchain companies have been exploring the use of
initial coin offerings (ICOs) to raise funds to launch and grow
ambitious projects. As a lawyer and cryptocurrency enthusiast, I’ve
spoken to numerous Silicon Valley entrepreneurs about their ICO plans.
My company, Lightyear.io, has helped multiple blockchain entrepreneurs
integrate with the Stellar ecosystem
for their token infrastructure needs. We hope that the recent torrent
of innovation in the blockchain and distributed ledger technologies will
lay the groundwork for what could be the next generation internet.

ICOs have the promise to expand financial inclusion, generate
built-in user networks, and spur extensive open-source development.
However, companies should be aware of the regulatory and legal landscape
so that they may proactively act to avoid future civil and criminal
liabilities. During our discussions with ICO-curious companies, I’ve
noticed that many founders share some of the same misconceptions about
the legal implications of ICOs. In this post, I hope to help blockchain
entrepreneurs better navigate this developing space by clearing up a few
common misunderstandings surrounding the regulatory landscape.

Misconception #1: My token is a “utility token”. Therefore, it is not a security.

Reality: A utility token is a token that can be used
to access a product or service. Some analogize utility tokens to gift
cards or software/network licenses, which are not traditionally
considered securities. The value of a utility token theoretically
derives from its consumptive use.

If a token has a significant utility in the operation of the
application, it may be less likely to be considered a security (since
this characteristic may help the token to fail the Howey test, as
discussed below). However, be wary of umbrella statements that “utility
tokens are not securities.” The reality is that utility tokens can
indeed be considered a security under the definitions set forth in
Section 2(a)(1) of the Securities Act of 1933
(1933 Act) and Section 3(a)(1) of the Securities Exchange Act of 1934
(1934 Act). The fact that a utility exists is not determinative in
determining whether the token is a security. If it were, we’d get an
absurd result: any offering could escape securities law jurisdiction
simply by building in a trivial utility to the token. Imagine a
tokenized share of stock, except the token also enables you to redeem it
for a cat GIF.

Until the SEC delivers on-point guidance through rule-making, no action
letters, interpretative releases, or more, no one can say for certain
that utility tokens are not securities. The most likely outcome is that
some types of utility tokens are securities, and some types are not,
evaluated on a case-by-case, fact-based basis.

Misconception #2: My token didn’t meet the definition of a security under the Howey test. Therefore, it can’t be a security!

Reality: The threshold question is whether a
particular token would be considered a security under the 1933 Act and
the 1934 Act. If the answer is yes, the token may be subject to various
SEC registration, exemption, sale, transference, and reporting
requirements.

Section 2(a)(1) of the 1933 Act and Section 3(a)(1) of the 1934 Act
enumerate multiple instruments that are considered securities. The
definition of security includes notes, stock, security futures, swaps,
bonds, debentures, options, investment contracts, and more. The
“investment contract” phrase has acted as a catch-all phrase to
encompass innovative financial arrangements that have the spirit of a
security, but may not meet the description of the enumerated
instruments.

Applying Howey’s 4-Factor Test

In SEC v. W. J. Howey Co. (1946), the U.S. Supreme Court provided a
four-part test for whether an arrangement constitutes an “investment
contract”. The test checks whether there is (1) an investment of money
(2) in a common enterprise (3) with an expectation of profits (4) which
are derived solely from the efforts of the promoters or third parties.

The idea that utility tokens may not be considered securities arises
from the thought that if a token has a utility, then any expectation of
profit would derive mainly from the token’s consumptive value, not on
the efforts of third parties. Therefore, the fourth factor would fail,
making the arrangement not an investment contract. Marco Santori from
Cooley provides a more in-depth analysis of Howey for tokens here. Coinbase, Coin Center, Union Square Ventures, and Consensys have also built-out a thoughtful securities law framework to test whether a token may be considered a security.

While the Howey test is relied upon to judge whether an arrangement is
an investment contract, Howey is not the end-all-be-all test to check
whether a token is a security. A court may choose a different test.

Applying Reves’s Family Resemblance Test

A separate securities test is the Reves “family resemblance” test
from the 1990 U.S. Supreme Court decision in Reves v. Ernst and Young.
The Reves test articulates four factors to determine when a note, one of
the enumerated categories of securities in the 1933 and 1934 Act,
should be classified as a security.

In Reves, the default presumption is that a note is a security, but this
presumption could be rebutted if it bears a “family resemblance” to one
of the enumerated categories on a judicially developed list of
exceptions. The Reves test considers: (1) the parties’ motivation for
entering into the transaction, (2) whether there was a trading market
for investment in the instrument, (3) the expectation of the investing
public, and (4) whether there are other regulatory schemes applicable to
the instrument that could reduce risk to the buyer. Based on this test,
the court determines whether a note resembles an excepted non-security
note and is therefore not a security.

While Reves applies to notes, the same judicial rationale could be
extended to other enumerated categories of securities. The Howey and
Reves tests could both be applied — for example, even if a token is not
an investment contract under Howey jurisprudence, it could be considered
a security under Reves. A token issuer should be mindful of how Howey
and Reves may apply to its token.

Applying the Risk Capital Test

Token issuers also have to consider securities regulation beyond the
SEC. Issuers who distribute their tokens all across the U.S. may have to
comply with each state’s securities regime (i.e. “Blue Sky” laws). This
means a token that is beyond the jurisdiction of the SEC may still be
subject to securities regulation by one or more of the states.

States may use different frameworks to judge what constitutes a
security. For example, courts in California, Arkansas, Michigan,
Washington, Oregon, and other states have instituted a “risk capital”
test. In California, the risk capital test considers whether there is
attempt by an issuer to (1) raise funds for a business venture or
enterprise (2) through an indiscriminate offering to the public at
large, (3) where the investor is in a passive position to affect the
success of the enterprise, and (4) the investor’s money is substantially
at risk because it is inadequately secured.

Using this test, the California Supreme Court found that country club
memberships were securities in a landmark case called Silver Hills
Country Club v. Sobieski (1961). In this case, an organization attempted
to finance improvements on a country club by selling club memberships.
The membership did not entitle the holder to any share of profits — it
only enabled the holder to use club facilities. The court held that
courts have to look through form to substance to protect the public from
schemes to attract “risk capital” with which a company can develop a
business for profit. The purchaser has to contribute capital in a high
risk project for there to be any chance that the benefits of club
membership will materialize.

A state that uses the risk capital test may apply it in conjunction with
Howey. A transaction is considered a security if it satisfies either
test. Given that many token issuers are raising funds from the general
public for business ventures in which passive investors contribute
capital to help materialize a risky product, the risk capital test may
be applicable in many circumstances.

Misconception #3: I’ve been assured by the best law firms that my
token will not be considered a security subject to U.S. federal and
state securities laws. I can now do whatever I want.

Reality: Beyond U.S. securities laws, there are multiple other areas of law that must be considered for a token sale.

Taxes

If a token is not considered a security, then the revenue generated from
the token sale may be considered taxable revenue. This has been one of
the key motivators of structuring offshore foundations to be the token
issuer — offshore foundations may not be subject to some taxation
requirements.

Consumer Protection

Token issuers who make misleading statements may be liable for breach of
contract, false advertising, and fraudulent or negligent inducement, to
name just a few claims. On the federal level, the Federal Trade
Commission could investigate an organization for unfair and deceptive
advertising (e.g. lying about the scope or character of the products and
services promised in an ICO campaign).

On the state level, states have differing consumer protection regulatory
regimes. For example, some states require the organization to refund
consumers if it isn’t able to deliver the product or service.

Anti-Money Laundering

The Bank Secrecy Act and its implementing regulations require Money
Service Businesses to register with the Financial Crimes Enforcement
Network (FinCEN). FinCEN has stated that “exchangers” and
“administrators” in the virtual currency ecosystem are considered money
transmitters (a category of Money Service Businesses), and are therefore
required to register with FinCEN and comply with AML regulations.

By FinCEN’s definition,
an exchanger of virtual currency is a person or entity that is “engaged
as a business in the exchange of virtual currency for real currency,
funds, or other virtual currency.” An administrator of virtual currency
is a person or entity “engaged as a business in issuing (putting into
circulation) a virtual currency, and who has the authority to redeem (to
withdraw from circulation) such virtual currency.” Note that token
issuers may fulfill the definition of an “administrator,” given that
they issue a virtual currency, and may have the authority to withdraw
their virtual currency from circulation.

While registration with FinCEN is quickly done through the bureau’s
website, a company must assume the on-going burden of AML and know your
customer (KYC) compliance programs, including collecting personally
identifying information about customers, monitoring transactions,
reporting suspicious activity, creating risk mitigation plans, and more.
Moreover, most states require money transmission licenses
to operate money transmitter businesses in-state (the definition of
“money transmitter” differs across states). In some states, it can be
very resource-intensive to obtain a money transmission license (e.g. New
York).

Industry-Specific Regulations and Global Regulatory Regimes

Beyond taxes, consumer protection, and AML, each token issuer has to
consider the legal implications of their underlying business. For
example, an organization that issues a token that can be used to “win”
an award may be subject to gambling regulations. An organization that
transmits personal data across a blockchain may be subject to various
privacy laws. All these must be considered.

Beyond U.S. laws altogether, the token issuer may be subject to the
regulations of many, if not all, of the countries where its token
holders reside. Each country would have its own regulatory scheme for
securities, tax, consumer protection, AML, and more.

Innovate! But Tread Carefully

The legality of token sales is a complicated question with multiple
dimensions for consideration. DIY lawyering in this space is not a wise
decision. A good lawyer would be able to help you assess what and how
legal frameworks may apply to your organization’s operations and needs.
Moreover, a lawyer would be able to help assess the risks of prosecution
and help craft a regulatory strategy. Law firms like Cooley, Perkins
Coie, and Morrison Foerster have been leaders in this space.

Despite current regulatory uncertainty, I’m excited about the recent
surge of innovation in distributed ledger and blockchain technologies. I
believe that sustainable growth in this space will require the
community to respect the intent of regulatory schemas and comply with
necessary regulations. At the same time, the community should advocate
for necessary change and self-regulate in areas where there are
significant risks of public harm that have not been addressed by current
law.

Best wishes to all blockchain entrepreneurs! Whether you’re considering
an ICO or you’re interested in building out cryptographic token
infrastructure for your business, please contact the Lightyear.io team
at [email protected] if you’d like to discuss how Stellar technology can help you launch secure and production-ready token infrastructure.

Lindsay is a counsel and program manager at Lightyear.io, a company powered by Stellar.
Lightyear helps institutions implement distributed ledger
infrastructure to send payments (and other transactions) across borders
as easily as sending an email. The content in this post is offered as
general legal information and does not constitute legal advice.
Lightyear does not provide legal consultation services.